|
 |
c05f5d |
diff -up openssl-1.0.2a/apps/openssl.cnf.defaults openssl-1.0.2a/apps/openssl.cnf
|
|
|
c05f5d |
--- openssl-1.0.2a/apps/openssl.cnf.defaults 2015-03-19 14:30:36.000000000 +0100
|
|
|
c05f5d |
+++ openssl-1.0.2a/apps/openssl.cnf 2015-04-20 14:37:10.112271850 +0200
|
|
|
c05f5d |
@@ -72,7 +72,7 @@ cert_opt = ca_default # Certificate fi
|
|
|
c05f5d |
|
|
|
c05f5d |
default_days = 365 # how long to certify for
|
|
|
c05f5d |
default_crl_days= 30 # how long before next CRL
|
|
|
c05f5d |
-default_md = default # use public key default MD
|
|
|
c05f5d |
+default_md = sha256 # use SHA-256 by default
|
|
|
c05f5d |
preserve = no # keep passed DN ordering
|
|
|
c05f5d |
|
|
|
c05f5d |
# A few difference way of specifying how similar the request should look
|
|
|
c05f5d |
@@ -104,6 +104,7 @@ emailAddress = optional
|
|
|
c05f5d |
####################################################################
|
|
|
c05f5d |
[ req ]
|
|
|
c05f5d |
default_bits = 2048
|
|
|
c05f5d |
+default_md = sha256
|
|
|
c05f5d |
default_keyfile = privkey.pem
|
|
|
c05f5d |
distinguished_name = req_distinguished_name
|
|
|
c05f5d |
attributes = req_attributes
|
|
|
c05f5d |
@@ -126,17 +127,18 @@ string_mask = utf8only
|
|
|
c05f5d |
|
|
|
c05f5d |
[ req_distinguished_name ]
|
|
|
c05f5d |
countryName = Country Name (2 letter code)
|
|
|
c05f5d |
-countryName_default = AU
|
|
|
c05f5d |
+countryName_default = XX
|
|
|
c05f5d |
countryName_min = 2
|
|
|
c05f5d |
countryName_max = 2
|
|
|
c05f5d |
|
|
|
c05f5d |
stateOrProvinceName = State or Province Name (full name)
|
|
|
c05f5d |
-stateOrProvinceName_default = Some-State
|
|
|
c05f5d |
+#stateOrProvinceName_default = Default Province
|
|
|
c05f5d |
|
|
|
c05f5d |
localityName = Locality Name (eg, city)
|
|
|
c05f5d |
+localityName_default = Default City
|
|
|
c05f5d |
|
|
|
c05f5d |
0.organizationName = Organization Name (eg, company)
|
|
|
c05f5d |
-0.organizationName_default = Internet Widgits Pty Ltd
|
|
|
c05f5d |
+0.organizationName_default = Default Company Ltd
|
|
|
c05f5d |
|
|
|
c05f5d |
# we can do this but it is not needed normally :-)
|
|
|
c05f5d |
#1.organizationName = Second Organization Name (eg, company)
|
|
|
c05f5d |
@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city
|
|
|
c05f5d |
organizationalUnitName = Organizational Unit Name (eg, section)
|
|
|
c05f5d |
#organizationalUnitName_default =
|
|
|
c05f5d |
|
|
|
c05f5d |
-commonName = Common Name (e.g. server FQDN or YOUR name)
|
|
|
c05f5d |
+commonName = Common Name (eg, your name or your server\'s hostname)
|
|
|
c05f5d |
commonName_max = 64
|
|
|
c05f5d |
|
|
|
c05f5d |
emailAddress = Email Address
|
|
|
c05f5d |
@@ -339,7 +341,7 @@ signer_key = $dir/private/tsakey.pem # T
|
|
|
c05f5d |
default_policy = tsa_policy1 # Policy if request did not specify it
|
|
|
c05f5d |
# (optional)
|
|
|
c05f5d |
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
|
|
|
c05f5d |
-digests = md5, sha1 # Acceptable message digests (mandatory)
|
|
|
c05f5d |
+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
|
|
|
c05f5d |
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
|
|
|
c05f5d |
clock_precision_digits = 0 # number of digits after dot. (optional)
|
|
|
c05f5d |
ordering = yes # Is ordering defined for timestamps?
|